摘要
在系统分析信息安全风险要素及评估过程的基础上,针对评估过程中的不确定性信息难以量化处理的问题,引入贝叶斯网络推理算法,并结合专家知识给出贝叶斯网络下的推理规则条件概率矩阵,从而构建了信息安全风险评估模型.最后以实例分析了基于此模型的风险评估方法.仿真结果表明该方法是一种有效的评估算法,较为准确地了反映了信息安全的风险等级,为信息安全风险评估提供了一种新的思路.
The risk factors for information security and its assessment process are analyzed completely. According to the characteristic of uncertainty information in the assessment process, the reasoning algorithm on Bayesian Networks is presented, and the conditional probability matrix of the reasoning rule is given base on the expert knowledge. Thus, the model of information security risk assessment is constructed. Finally, an instance of the risk assessment approach on the model is analyzed, which demonstrates the rationality and feasibility of this method. So it provides a new method for information security assessment.
出处
《武汉大学学报(理学版)》
CAS
CSCD
北大核心
2006年第5期631-634,共4页
Journal of Wuhan University:Natural Science Edition
基金
国家自然科学基金资助项目(70471031)
关键词
贝叶斯网络
风险评估
信息安全
Bayesian network
risk assessment
information security